Security

Last Updated: 01-09-2025

Our Commitment to Security

At Nityasha, security is not an afterthought—it's fundamental to everything we build. We understand that you're entrusting us with your personal information, conversations, and integrated data. This document outlines our comprehensive approach to protecting your data through enterprise-grade security measures, transparent practices, and continuous improvement.

Infrastructure Security

Enterprise-Grade Cloud Infrastructure: Nityasha is hosted on secure, industry-leading cloud infrastructure with built-in redundancy, DDoS protection, and 99.9% uptime guarantees. Our servers are distributed across multiple availability zones to ensure reliability and disaster recovery.

Encryption at Rest and in Transit: All data stored in our systems is encrypted with AES-256. Data transmitted between your device and our servers is protected by TLS 1.3, so your information remains secure while in transit.

Secure Database Architecture: Our databases are configured with strict access controls, regular automated backups, and point-in-time recovery capabilities. Database connections are encrypted and limited to authorized services only.

Network Security: We implement comprehensive network security measures including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to monitor and block malicious activities.

Application Security

Secure Authentication: User authentication is handled through industry-standard protocols with support for multi-factor authentication (MFA). Passwords are hashed using bcrypt with an appropriate cost factor (salt rounds), and we enforce strong password policies.

API Security: All API endpoints are protected with rate limiting, request validation, and authentication tokens. We implement OAuth 2.0 for third-party integrations to ensure secure, scoped access to your data.

Input Validation and Sanitization: We validate and sanitize all user inputs to prevent common vulnerabilities such as SQL injection, cross-site scripting (XSS), and command injection attacks.

Session Management: User sessions are managed securely with encrypted session tokens, automatic expiration, and protection against session hijacking and fixation attacks.

AI Model Security

Secure Model Training: Our AI models (Neorox, Neorox-lite, and Neorox-pro) are trained in isolated, secure environments with strict access controls. Training infrastructure is separated from production systems to minimize risk.

Data Privacy in AI Processing: While your interaction data is used to improve our AI models as outlined in our Privacy Policy, we implement privacy-preserving techniques including data anonymization and aggregation where appropriate.

Prompt Injection Protection: We employ multiple layers of defense against prompt injection attacks, including input filtering, context isolation, and output validation to ensure the AI cannot be manipulated to reveal sensitive information or perform unintended actions.

Model Access Controls: Access to our AI models and training data is restricted to authorized personnel only, with all access logged and monitored.

Third-Party Integration Security

Vendor Security Assessment: All third-party service providers undergo security assessments to ensure they meet our standards for data protection, encryption, and compliance.

Limited Data Sharing: We only share data with third-party services as necessary to provide our Service, and all such providers are contractually obligated to maintain confidentiality and security.

Security Monitoring and Incident Response

24/7 Security Monitoring: Our systems are monitored around the clock for suspicious activities, security anomalies, and potential threats. We use automated alerting and logging to detect and respond to incidents quickly.

Vulnerability Management: We conduct regular security assessments, including vulnerability scanning and penetration testing, to identify and remediate potential security issues before they can be exploited.

Incident Response Plan: We maintain a comprehensive incident response plan that includes procedures for detection, containment, investigation, and recovery. In the event of a security incident, we will notify affected users promptly in accordance with applicable laws.

Security Patch Management: We apply security patches and updates to our systems promptly to protect against known vulnerabilities.

Data Access Controls

Principle of Least Privilege: Access to user data is strictly limited to authorized personnel who require it to perform their job functions. We follow the principle of least privilege to minimize exposure.

Employee Security Training: All team members undergo regular security training covering data handling best practices, social engineering awareness, and incident response procedures.

Access Logging and Auditing: All access to sensitive data and systems is logged and regularly audited. We maintain detailed audit trails for compliance and forensic purposes.

Background Checks: Employees with access to sensitive systems undergo background checks as part of our hiring process.

Compliance and Certifications

GDPR Compliance: We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area, providing rights to access, rectify, erase, and port your data.

CCPA Compliance: We comply with the California Consumer Privacy Act (CCPA) and provide California residents with enhanced privacy rights.

Industry Standards: Our security practices align with industry frameworks including OWASP Top 10, NIST Cybersecurity Framework, and ISO 27001 principles.

Regular Audits: We conduct regular internal security audits and are committed to pursuing third-party security certifications such as SOC 2 Type II as we scale.

User Security Best Practices

We recommend the following practices to help protect your account:

Enable Multi-Factor Authentication (MFA): Add an extra layer of security to your account by enabling MFA in your account settings.

Use Strong, Unique Passwords: Create strong passwords that are unique to your Nityasha account. Consider using a password manager.

Review Connected Integrations: Regularly review and revoke access for any integrations you no longer use.

Keep Software Updated: Ensure your browser and operating system are up to date with the latest security patches.

Be Cautious with Sensitive Information: While we protect your data, avoid sharing highly sensitive information like passwords or financial credentials through the assistant.

Log Out on Shared Devices: Always log out of your account when using shared or public computers.

Reporting Security Issues

We take security vulnerabilities seriously and appreciate the security research community's efforts to help keep Nityasha secure.

Responsible Disclosure: If you discover a security vulnerability, please report it to us at security@nityasha.com. We request that you do not publicly disclose the issue until we have had an opportunity to address it.

What to Include: Please provide detailed information including steps to reproduce the vulnerability, potential impact, and any relevant screenshots or proof-of-concept code.

Our Commitment: We will acknowledge your report within 48 hours and work with you to understand and resolve the issue. We are committed to keeping you informed throughout the process.

Updates to This Security Statement

We continuously improve our security practices and may update this document to reflect new measures, technologies, or compliance requirements. Material changes will be communicated to users via email or through our platform. We encourage you to review this page periodically to stay informed about how we protect your information.

Contact Us

If you have questions about our security practices or would like to report a security concern, please contact us:

Security Issues: security@nityasha.com
General Support: support@nityasha.com
General Inquiries: hello@nityasha.com

Your security and privacy are our top priorities. Thank you for trusting Nityasha with your personal assistant needs.